WOL Shutdown PC - Help for others

After a half day of work with the Shutdown shell_command for WOL Switch, I want to share my findings so that maybe it can be helpful for others.
First I tried the RPC add-on, which did not work for me, since I’m using Windows 11, and from what ChatGPT told me, this is not supported anymore since Win10. Then I jumped over to the shell_command implementation. I installed the OpenSSH server via the additional feature option and needed another few hours of checking configurations on both sides because I couldn’t get a successful connection from the Pi to the PC. It turns out that, because I tested this with a user who has admin rights on my PC, and since I wanted to use a key file, I needed to put the public key into the administrator authorized keys file under C:\ProgramData\ssh\administrators_authorized_keys and set the permissions for administrators like this:

icacls "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r
icacls "C:\ProgramData\ssh\administrators_authorized_keys" /grant BUILTIN\Administrators:F
icacls "C:\ProgramData\ssh\administrators_authorized_keys" /grant SYSTEM:R

and within the sshd_config the following options need to be enabled:

Port 22
PubkeyAuthentication yes
PasswordAuthentication no

After this, I could successfully use ssh from the Pi to log into my PC and run the shutdown command:

shutdown_pc: "ssh USER@IP_PC 'shutdown /s /f /t 0'"

But when I used the switch, nothing happened. So I checked the command by running it from the developer tools under the option Actions and got the error message:

stdout: ""
stderr: Host key verification failed.
returncode: 255

I then changed the shell command to write everything into a debug.log like this:

shutdown_pc: "ssh -v -o LogLevel=DEBUG USER@IP_PC 'shutdown /s /f /t 0' > /config/ssh_debug.log 2>&1"

There I could read that it cannot find the private key file:

OpenSSH_9.7p1, OpenSSL 3.3.1 4 Jun 2024
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 22: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: Connecting to 192.168.0.XXX [192.168.0.XXX] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.7
debug1: compat_banner: match: OpenSSH_9.7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.0.XXX:22 as 'user'
debug1: load_hostkeys: fopen /root/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:p5dJJ....rest_of_the_key
debug1: load_hostkeys: fopen /root/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: hostkeys_find_by_key_hostfile: hostkeys file /root/.ssh/known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /root/.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.

Especially the line “debug1: identity file /root/.ssh/id_rsa type -1” triggered me.

Since I used the Pi configuration tool to write the HAOS to my SD card, I didn’t know that HA is running as a Docker container, and after trying this command:

docker exec -it homeassistant bash

I was within the container and checked the /root/.ssh folder, which was not present.
So I created the folders and copied everything over to the docker container with the following commands:

Create needed folders within the docker:
mkdir -p /root/.ssh
chmod 700 /root/.ssh

Outside docker:
docker cp /path/to/your/ssh_keys/id_rsa homeassistant:/root/.ssh/id_rsa
docker cp /path/to/your/ssh_keys/id_rsa.pub homeassistant:/root/.ssh/id_rsa.pub
docker cp /path/to/known_hosts homeassistant:/root/.ssh/known_hosts

Inside docker again:
chmod 600 /root/.ssh/id_rsa
chmod 644 /root/.ssh/id_rsa.pub
chmod 644 /root/.ssh/known_hosts

After this mod, the shell_command did successfully run, and I’m now able to shut down my PC with the WOL switch.

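Added example (not part of the original post): a small sh function that reads an `ssh -v` log such as /config/ssh_debug.log and names each failure condition visible in it, so a missing key file, a missing known_hosts file and the final host key error are reported separately. The function names, the finding codes and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: name the failure causes visible in an `ssh -v` debug log.

# Print one finding code per line for the log file passed as $1.
diagnose_ssh_log() {
    log=$1
    # "type -1" means the key file could not be loaded; a loaded key
    # shows a non-negative type number instead.
    if ! grep -Eq '^debug1: identity file .* type [0-9]+$' "$log"; then
        echo NO_IDENTITY
    fi
    # The per-user known_hosts file is missing, so there is no pinned
    # host key to compare the server's key against.
    if grep -q 'load_hostkeys: fopen .*/\.ssh/known_hosts: No such file' "$log"; then
        echo NO_KNOWN_HOSTS
    fi
    # ssh wanted to ask a question (here: accept the unknown host key)
    # but a shell_command has no terminal to ask on.
    if grep -q "read_passphrase: can't open /dev/tty" "$log"; then
        echo NO_TTY_FOR_PROMPT
    fi
    # The error that actually ended the connection attempt.
    if grep -q '^Host key verification failed\.' "$log"; then
        echo HOST_KEY_VERIFICATION_FAILED
    fi
}

# Constructed sample: a few lines in the shape of the log above.
write_sample_log() {
    cat > "$1" <<'EOF'
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: load_hostkeys: fopen /root/.ssh/known_hosts: No such file or directory
debug1: Server host key: ssh-ed25519 SHA256:CONSTRUCTED_PLACEHOLDER
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
diagnose_ssh_log "$sample"
rm -f "$sample"
```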